RDMA/hns: avoid potential overflow of

driver inclusion category: cleanup bugzilla: NA CVE: NA ------------------------------- add brackets to avoid overflow while doing the calculation. Reviewed-by: N Hu Chunzhi <huchunzhi@huawei.com> Signed-off-by: N Zhao Weibo <zhaoweibo3@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

RDMA/hns: avoid potential overflow of
driver inclusion category: cleanup bugzilla: NA CVE: NA ------------------------------- add brackets to avoid overflow while doing the calculation. Reviewed-by: N Hu Chunzhi <huchunzhi@huawei.com> Signed-off-by: N Zhao Weibo <zhaoweibo3@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
dc071b99 · Zhao Weibo · Yang Yingliang · c4feb719 · dc071b99 · dc071b99
显示空白变更内容
内联并排

Showing with 6 addition and 6 deletion

drivers/infiniband/hw/hns/hns_roce_hw_v2.c drivers/infiniband/hw/hns/hns_roce_hw_v2.c +3 -3

drivers/infiniband/hw/hns/hns_roce_mr.c drivers/infiniband/hw/hns/hns_roce_mr.c +3 -3

未找到文件。
--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
@@ -6472,7 +6472,7 @@ static int hns_roce_mhop_alloc_eq(struct hns_roce_dev *hr_dev,
 			*(eq->bt_l0 + i) = eq->l1_dma[i];
 			for (j = 0; j < bt_chk_sz / BA_BYTE_LEN; j++) {
-				idx = i * bt_chk_sz / BA_BYTE_LEN + j;
+				idx = i * (bt_chk_sz / BA_BYTE_LEN) + j;
 				if (eq_buf_cnt + 1 < ba_num) {
 					size = buf_chk_sz;
 				} else {
@@ -6520,7 +6520,7 @@ static int hns_roce_mhop_alloc_eq(struct hns_roce_dev *hr_dev,
 				  eq->l1_dma[i]);
 		for (j = 0; j < bt_chk_sz / BA_BYTE_LEN; j++) {
-			idx = i * bt_chk_sz / BA_BYTE_LEN + j;
+			idx = i * (bt_chk_sz / BA_BYTE_LEN) + j;
 			dma_free_coherent(dev, buf_chk_sz, eq->buf[idx],
 					  eq->buf_dma[idx]);
 		}
@@ -6547,7 +6547,7 @@ static int hns_roce_mhop_alloc_eq(struct hns_roce_dev *hr_dev,
 				if (i == record_i && j >= record_j)
 					break;
-				idx = i * bt_chk_sz / BA_BYTE_LEN + j;
+				idx = i * (bt_chk_sz / BA_BYTE_LEN) + j;
 				dma_free_coherent(dev, buf_chk_sz,
 						  eq->buf[idx],
 						  eq->buf_dma[idx]);

--- a/drivers/infiniband/hw/hns/hns_roce_mr.c
+++ b/drivers/infiniband/hw/hns/hns_roce_mr.c
@@ -324,7 +324,7 @@ static void hns_roce_loop_free(struct hns_roce_dev *hr_dev,
 				if (i == loop_i && j >= loop_j)
 					break;
-				bt_idx = i * pbl_bt_sz / BA_BYTE_LEN + j;
+				bt_idx = i * (pbl_bt_sz / BA_BYTE_LEN) + j;
 				dma_free_coherent(dev, pbl_bt_sz,
 						  mr->pbl_bt_l2[bt_idx],
 						  mr->pbl_l2_dma_addr[bt_idx]);
@@ -336,7 +336,7 @@ static void hns_roce_loop_free(struct hns_roce_dev *hr_dev,
 					  mr->pbl_l1_dma_addr[i]);
 			for (j = 0; j < pbl_bt_sz / BA_BYTE_LEN; j++) {
-				bt_idx = i * pbl_bt_sz / BA_BYTE_LEN + j;
+				bt_idx = i * (pbl_bt_sz / BA_BYTE_LEN) + j;
 				dma_free_coherent(dev, pbl_bt_sz,
 						  mr->pbl_bt_l2[bt_idx],
 						  mr->pbl_l2_dma_addr[bt_idx]);
@@ -461,7 +461,7 @@ static int pbl_3hop_alloc(struct hns_roce_dev *hr_dev, int npages,
 		*(mr->pbl_bt_l0 + i) = mr->pbl_l1_dma_addr[i];
 		for (j = 0; j < pbl_bt_sz / BA_BYTE_LEN; j++) {
-			bt_idx = i * pbl_bt_sz / BA_BYTE_LEN + j;
+			bt_idx = i * (pbl_bt_sz / BA_BYTE_LEN) + j;
 			if (pbl_bt_cnt + 1 < pbl_last_bt_num) {
 				size = pbl_bt_sz;